Category Archives: Attorney Ethics & Social Media

My children don’t always use actual sentences when they speak with me. Occasionally I get a “sure” or “whatever.” More often than not, however, it’s a series of audible grunts. Over the years I’ve been able to decipher these noises and I’ve come to realize that they are primitive, albeit valid attempts at communication. That’s what passes for communication at the teenage years. Grunts, moans, maybe even a raised eyebrow. When your kids are that age, you’ve got to expand what you’ll accept as a communication or you might not interact with them at all.

Just as a parent needs to broaden their view of what constitutes a communication, so too does a lawyer. A variety of sources confirm that the definition of what constitutes a “statement” or a “communication” that would trigger the rules is expanding. Consider the following case.

In 2016 a Missouri woman was indicted for suspected support of Islamic State. According to the Wall Street Journal, Safina Roe Yassin, “called for the killing of U.S. law enforcement employees and military members by retweeting posts that contained their detailed personal information…According to the indictment, one of the tweets she retweeted contained the line, Wanted to kill. According to the government, this retweet and other social media postings by Ms. Yassin signaled her active support for ISIS and her intention to communicate threats on their behalf.”

The Journal went on to report, “A novel issue is how the law should treat retweets, a feature that allows Twitter users to repost other people’s tweets. In a court filing last month, Ms. Yassin’s lawyer…said his client was ‘merely reporting someone else’s statements.’”

Here’s why I think this is important. It’s the first case I’ve seen where a prosecuting agency is trying to affix liability on a person as a result of something they shared on social media. It’s the first case I’ve seen where the prosecution is claiming that by redistributing the content, the retweeter is primarily responsible for the statement as if they said it themselves.

This isn’t the first time someone is getting in trouble because of something they’re posting on the internet— there are lots of cases where people face liability for making some comment on social media. But I don’t recall any other criminal matter where the defendant was being charged with being primarily liable for distributing another person’s content. Here, the defendant redistributed someone else’s statement, and the re-distributor is, therefore, being considered to have uttered the offending statement.

Ultimately, this case may fail. There are substantive criminal law issues, as well as First Amendment concerns. But I’m not bringing this up because of the substance of this indictment. Rather, this case is about the expanding definition of a person’s “statement” or a “communication” and the attorney ethics implications.

If a prosecutor in the criminal world is taking this position, then it’s only a matter of time before a prosecutor in an ethics context takes the position. I can envision some ethics investigator saying that a lawyer’s retweet of someone’s statement constitutes that lawyer’s statement, or “communication” under the rules. The attorney ethics implications are significant. Consider the following hypothetical:

You’re representing a client in a particularly nasty land use application. The client wants to demolish an historic home and the local land use board is opposed to it. There is a lot of hostility between your client and the land use board because the board wants to save the structure. In an effort to put pressure on the board, your client fabricates the following statement and tweets it one evening, “East Bumble board turned down my application for a demolition permit. I don’t care—starting construction tomorrow! Firing up the bulldozer!” You retweet that statement.

You know the statement isn’t true because you were at the meeting earlier in the day where the board tabled the application without denying it. You also know that your client is overseas and has no intention of actually starting construction. He told you a few hours ago that he was going to take to Twitter just to “rattle the board’s cage a little.”

However….one of the land use board members follows you on Twitter and sees the retweet. He believes that your client might actually take the action described and, to avoid the destruction of a potentially irreplaceable historic structure, he directs the board attorney to immediately file for an injunction against your client, which she does. The board incurs a significant cost.

Could this be a misrepresentation that’s actionable under the rule? Consider that Rule 4.1 states (in part), “In the course of representing a client a lawyer shall not knowingly: (a) make a false statement of material fact or law to a third person…” Does this statement qualify?

Yes, it’s false— you know the statement is completely fabricated and that there isn’t going to be any construction

Yes, it was made to a third person—it wasn’t just communicated to a third person, it was communicated to a whole lot of third persons

Yes, it was material— the other side relied on that statement when it decided to engage in the considerable expense of filing suit

Yes, you “knowingly” disseminated the information— that was your state of mind because you knew what you were doing.

The obvious question is whether you can be said to have made the statement. If the ethics authorities adopt the broader position that the prosecution took in the Yassin case, then yes. In a world where a retweet constitutes a person’s statement, you could be deemed to have made that false statement.

This issue would also arise any time a lawyer might make a “communication” as well. Rule 7.2(a) states that “a lawyer may advertise services through…electronic communication…” Suppose your partner posts a statement on Facebook saying, “I am ready to accept new clients. Call me now for a free consultation!” If you share that, then you might be responsible for making the electronic communication. That might not be a problem, unless one day you share something that is not true, and you violate Rule 7.1.

A recent opinion out of the DC Bar provides a decent list of the issues you need to worry about when using social media. Here are the only two criticisms I have — and I admit that they are nit-picky criticisms.

First– it’s not exhaustive. There are a bunch of other issues that aren’t addressed here, but they get the biggies.

Second– this opinion could have been written five years ago. At least.

This week it was announced that Microsoft is buying LinkedIn. There are some hidden attorney ethics implications about which we all need to be aware.

A review of the recent news articles announcing the acquisition reveals that a key motivating factor in Microsoft’s purchase of LinkedIn was access to LinkedIn’s data. Of course, sharing data is nothing new. But when companies improve their ability to share our data across various platforms, my ears perk up. Not just because it’s creepy or because of obvious privacy implications. The type of data sharing they’re contemplating in the Microsoft/LinkedIn combination makes me worry about confidentiality (and other) issues.

“LinkedIn’s users are, arguably, Microsoft’s core demographic. They also offer Microsoft something it has long sought but never had—a network with which users identify. Microsoft needs to persuade LinkedIn users to adopt that identity, and use it across as many Microsoft products as possible.

Access to those users, as well as the enormous amounts of data they throw off, could yield insights and products within Microsoft that allow it to monetize its investment in LinkedIn in ways that the professional networking site might not be able to. [Microsoft CEO] Mr. Nadella already has mentioned a few of these, including going into a sales meeting armed with the bios of participants, and getting a feed of potential experts from LinkedIn whenever Office notices you’re working on a relevant task.“

In other words, Microsoft wants to have your Outlook and other Microsoft software products speak to your LinkedIn profile. The intersection of that data is valuable — various sellers of products and services would be willing to pay for it.

It appears that Microsoft wants to be able to read through the work we do on their products like Word, review our upcoming appointments in our Outlook calendar, search for keywords in our emails, and then find connections with people with our LinkedIn connections. That’s what they are searching for — connections they could monetize.

For instance, let’s say accountant X has an Outlook Calendar appointment which sets a meeting with “Charles McKenna of Account-Soft Corp.” Microsoft could then search LinkedIn and it would learn that McKenna works for a company that sells workflow management software. Well, now Microsoft knows the accountant is in the market for workflow management software….and they could sell that knowledge to other software companies who would then direct solicitations in the accountant’s direction. That’s an annoyance for an accountant, but a potential ethics disaster if he/she were a lawyer.

Basic issue, Confidentiality:

If Microsoft scours our Word documents and emails, then there could be Rule 1.6 confidentiality issues. That’s so obvious that we don’t need to spend time talking about it now. I think the more unusual issues come from the Calendar function…

If they leverage the data in our Calendar, it could reveal our client relationships:

The substance of what we learn from the client is confidential, but so is the very existence of the lawyer-client relationship. Will the integration of these platforms make it easier for people to figure out who we represent?

Think about how much information Microsoft could piece together from our Calendar. They might see a potential client introduction (which lists Pete Smith as present), a court appearance (which lists Pete Smith as present), and a meeting for settlement purposes (which lists Pete Smith as present). It’s not going to be too tough for the Microsoft bots to figure out that Pete Smith is your client.

If they leverage data in our Calendar, it could reveal key substantive information that could harm the client:

If Microsoft looks at our Calendar they can see that we’re heading to a particular locale. They might then cross reference our LinkedIn connections and send a message to one of them that says something like, “Your connection Bruce Kramer is going to Chicago next week. Why don’t you look him up?”

That heads-up might give someone the incentive to look into our movements a bit more…and who knows what they could find. What if that info was given to a real estate agent that we know in Chicago…and maybe we are representing a successful land owner…and we’re clandestinely scouting a real estate purchase because we don’t want people to figure out that we’re there on behalf of our deep-pocketed client…because if they know, the purchaser will run up the price. That LinkedIn message tipped off the real estate agent and it could cost the client a lot of money.

If they leverage data in our Calendar, it could end up revealing a misrepresentation:

Imagine that Client A asks you to accompany them to a meeting in Los Angeles. You tell her that you can’t go because you’ll be on vacation on the East Coast. That’s not true, however. The truth is that you’ve already scheduled a meeting with a potentially new client in Los Angeles. You didn’t want Client A to know that you’d be in town because you didn’t want to have to shuffle between clients- it would just be too much work. You could have told Client A that you’d be in town but you didn’t have time to meet her, but you thought she’d be insulted. It was just easier to say you’re far away and be done with it.

Later, Client A gets a LinkedIn message that says, “Your Connection Mary Smith is going to be in Los Angeles next weekend…send her a message and try to link up!” Do you know what you are now? Busted. And not only do you have egg on your face, but you may also have committed an ethical violation.

Is the white lie that you told your client going to be considered a misrepresentation or deception per Rule 8.4(c)? That rule states: “It is professional misconduct for a lawyer to (c) engage in conduct involving dishonesty, fraud, deceit or misrepresentation…”

I know what you’re thinking…it was a half-truth. No harm no foul. Well, I searched the ethics code, and I didn’t find the term “white lie” or “half-truth” anywhere in the code. You should also note that Rule 8.4(c) does not require that the misrepresentation be “material.” It doesn’t allow you to lie about inconsequential things and there’s no modifying language- it just says that you can’t lie or deceive.

These are just a few issues. Some of these are clear ethics concerns, others are more akin to PR nightmares. Are they so terrible that we all need to get off LinkedIn right away? That might be a bit premature. After all, they only just announced the merging of the platforms- they haven’t actually done anything yet. I don’t know what dangers will actually be realized, or whether any dangers will be realized at all. What I do know is that part of being a responsible attorney in this technological age is to be diligent in thinking about these issues. As lawyers practicing in an ever-changing technological environment, we need to be aware of the potential problems. Keep your eye on the news and stay abreast of the details regarding the integration of these two platforms. Then, if you determine that you need to act, do so. That way we are “keep[ing] abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Comment [8], Rule 1.1.

The massive leak of confidential documents from the Panamanian law firm Mossack Fonseca is still sending shock waves throughout the world. It’s likely to keep reverberating for some time. We’re not any closer to learning the origin of the leak because the newspaper that disseminated the information won’t reveal its source. We don’t know if the information was stolen and distributed by an activist hacker, or leaked by a current/former employee of the law firm.¹ What we do know is that a whole lot of confidential information was released and, “the data primarily comprises e-mails, pdf files, photo files, and excerpts of an internal Mossack Fonseca database.”²

In my last threat assessment I discussed the concerns about the possibility that the firm was hacked, but there is another, equally disturbing concern. The leak could have been the work of an employee of the firm, perhaps acting as a whistleblower of sorts. In that case, what should the firm fear and what are the ethical concerns?

The thing to fear? Copycats.

Sure, the idea of whistleblowers is nothing new, but I’m concerned about people who are inspired by the Snowdens and the WikiLeaks of the world. I’m worried that high profile leaks could be inspiring others to adopt a pseudo-Robin Hood mentality. I call them Disclosure Vigilantes— those employees who feel that it’s their societal duty to expose the things they define as “wrongs.” I’m not talking about people who expose criminal conduct— I’m talking about those copycats who steal and/or reveal our clients’ confidential data and leak it to someone outside the firm in an effort to make public something that they define as an affront to society. They could be personally disgusted by someone’s “excessive wealth,” or feel compelled to “uncover the extent to which Corporate America will go to keep the average worker down”….name your cause, name your villain.

The ethical concerns? Hiring and Supervision

If there is a danger that firm employees could be Disclosure Vigilantes, then what are we doing to counteract it? We need to ask whether the firm is properly vetting all of our new hires, including those in IT. Plus, are we asking the right questions during the interview process? Does our interview process in some way consider the issue of purposeful leaks (note that I’m an ethics guy, not a labor law guy, so talk to a labor lawyer to ensure that whatever questions you ask aren’t improper from a privacy/labor law/etc., perspective). From an ethical point of view, that sort of targeted due diligence during hiring could constitute the appropriate “thoroughness” required by Rule 1.1 (Competence), and it might be the “reasonable diligence” that’s required by Rule 1.3 (Diligence).

But it goes beyond just hiring. After the employees are hired we need to manage our staff, and Rule 5.3 requires that we supervise nonlawyer personnel. Lawyers in a firm have a responsibility to ensure that our nonlawyer employees behave in a manner that’s “compatible with the professional obligations of the lawyer,” and that has historically included confidentiality, among other things. But given the new reality of Disclosure Vigilanteism, that duty to supervise might be expanding to include the need to watch for morality-based intentional leaks of client information.

A savvy lawyer might see a third angle— (1) we should properly screen our new hires, (2) we should properly supervise our employees to make sure no disclosures are occurring, and…(3) maybe we should also watch for changed circumstances to our employees which could increase the probability of a purposeful disclosure. Remember, employees could change during their tenure at the firm. If that’s the case, the wise firm might ask whether we are periodically reviewing the staff to check for changed circumstances in our employees that might lead to Disclosure Vigilanteism (being cognizant, of course, of the limitations that are imposed by privacy restrictions and other labor law).

The potential for copycat Disclosure Vigilantes might be altering our responsibilities in hiring and supervising employees. I don’t want you to be that firm….the firm that finds itself in front of an ethics tribunal listening to them say, “the signs were there…you didn’t look for them”…and then hearing that dreaded phrase…you “should have known” this was going to be a problem.

For years people have been warning that law firms of all sizes are major targets for cyber-criminals. If your firm didn’t take that seriously before, then there are two major hackings last week that should get your attention.

The Wall Street Journal reported that cyber criminals breached Cravath, Weil Gotshal, and several other unnamed firms (read the article here: http://on.wsj.com/1MzYlN2). The paper states that it’s not clear what (or whether) information was taken, but the focus is on the possibility of confidential information being stolen for purposes of insider trading.

The other major breach is so big that it has its own hashtag— search Twitter for #PanamaPapers or #PanamaLeaks. According to Reuters, the target was a law firm in Panama that specializes in setting up offshore companies. Hackers stole data from the firm and provided that data to journalists who promptly revealed it to the public (read the article here: http://reut.rs/25GEy4X). The information allegedly reveals a network of offshore loans. According to the BBC, the stolen data reveals how the law firm, “has helped clients launder money, dodge sanctions and avoid tax” (read the BBC’s article here: http://www.bbc.com/news/world-35918844). Political figures and friends of popular politicians are allegedly implicated, according to the report.

My concern is not about the obvious political ramifications. My concern is about the ethical ramifications to lawyers. The danger of hacking is real.

No report has implicated any type of ethical wrongdoing on the part of any firm. That needs to be restated and made abundantly clear: there has been no report of any evidence of ethical impropriety by any of the law firms mentioned in the news. I am bringing this to your collective attention because it should serve as a warning. Confidential client information was stolen from that law firm in Panama….which reminds us that we are targets.

All lawyers are targets. Small firms, large firms, in-house counsel, government lawyers, you name it. The bad guys know that lawyers are the custodians of valuable information and they are coming after us in a big way. The message for all of us is clear: you could be subject to an ethics grievance if you don’t take proper steps to secure your clients’ information.

The responsibility to protect our client information is nothing new. However, these recent events require us to apply an increased sense of urgency to evaluating our compliance with that duty. Have you, or your firm, taken the necessary steps to adequately protect your clients’ information? Have you considered the fact that bad guys could be targeting you? What steps have you taken to counteract the potential piracy that could be aimed at your clients’ information?

You could be darn sure that someone is going to be asking those questions to the firms that were targeted in the hacks. Maybe you need to put yourself in their position and ask, “how would we fare if that review was directed toward us?”

Our duty of competence requires that we take appropriate steps to protect our clients’ confidential information. And remember that you, as the lawyer, have the primary ethical duty, not your IT people. Furthermore, various ethics opinions have held that, in some circumstances, the lawyer needs to understand the underlying technology itself.

If these issues weren’t on the front burner in your office before, these two hacks should be causing you to shift your priorities.

This is the first case I’ve seen where someone sued another person for making a false claim on the internet…and won. Here a lawyer represented someone in their divorce. The client was unhappy with the lawyer and went on an online rant. The problem was that the rant was full of lies, so the lawyer sued for defamation. The lawyer won at trial and on appeal…she got $350,000 in damages. Yikes! If you want to read the decision, you could find it here.

A recent opinion out of New York says that our LinkedIn profile may be considered an advertisement. Maybe more importantly, the opinion imposes a duty upon lawyers to periodically review their social media profile. I call it the “I told you so” opinion because I’ve been telling this to lawyers for some time in my ethics CLE programs.

Sure, the opinion is limited- it’s out of one particular state and it’s only advisory. But the rationale is solid and I could envision it being adopted in other jurisdictions.

Furthermore, the practical implications could be significant. For instance, any misleading statements on your profile would now be governed by the content restrictions contained in Rule 7.1; if you’re in a jurisdiction where disclaimers are required on ads, you may need to insert a disclaimer into your LinkedIn profile; maybe the concept applies to all social media sites that you use for professional purposes…and the list of concerns could go on. To get all of the details, download the full NYCLA Opinion 748 here.

—————-

I cover this concept in my ethics CLE program, “Tech, Tock, Tech, Tock: Social media and the countdown to your ethical demise.” Email me at stuart.teicher@icloud.com if you want some more information.

Here’s my latest Threat Assessment- those are my short warnings about key ethics dangers that both lawyers and the PD professionals who care about them, need to know.

Today: Technology scare (what a shocker). Our duty to supervise may have been drastically expanded in a recent opinion out of California. Specifically, the California Bar’s Standing Committee on Professional Responsibility and Conduct, Formal Opinion No. 2015-193.

The opinion presents a hypo about a lawyer who messed up. He didn’t understand the technicalities of e-discovery, didn’t seek help from a professional with knowledge, and he let his adversary conduct an unsupervised e-discovery review of the client’s files. Result: disaster. There were allegations of withholding/obstructing discovery and a major leak of proprietary/confidential information to a major competitor. The opinion holds that the lawyer should have known better.

POINT 1 of 2: Competence is being expanded

The opinion states:

“An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and become integrated with the practice of law.
* * *
Attorney competence related to litigation generally requires, among other things, and at a minimum, a basic understanding of, and facility with, issues relating to e-discovery, including the discovery of electronically stored information (“ESI”).”

What we need to know: Certain technologies have so integrated themselves into the practice that our duty of competence demands that we understand them. We can’t just rely on our “people” to know about it. We need to, individually, understand the systems.

What we need to know: We need to understand the underlying technology, not just the “law” about that technology.

POINT 2 of 2: Our duty to supervise is being expanded drastically.

The opinion also stated:

“The duty of competence…includes the duty to supervise the work of subordinate attorneys and non-attorney employees or agents…This duty to supervise can extend to outside vendors or contractors, and even to the client itself.”

What we need to know: Our duty to supervise doesn’t just include the lawyers and non-lawyers in our office. It also includes vendors and contractors. But the big extension is that it might also include supervising the client itself. That is a change- we are familiar with the need to “advise” and “guide” a client. Now we may also be required to “supervise” the client as well. Does that mean watching their IT people? It depends, but this opinion basically says yes, sometimes.

Find more information like this in my live program: Tech Tock, Tech Tock: Social Media and the Countdown to Your Ethical Demise. See my course list here.

There are a ton of obvious ethics violations that lawyers might commit when using social media, but few people consider whether their posts violate the rule on Trial Publicity. Did the lawyer’s internet search rise to the level of “participating…in the investigation” of a matter? Was that errant tweet an “extrajudicial statement” that triggers the rule? You need to know this unusual potential violation.

Here’s the rule, with the key phrases I’ll discuss in bold.

Rule 3.6. Trial publicity

(a) A lawyer who is participating or has participated in the investigation or litigation of a matter shall not make an extrajudicial statement that the lawyer knows or reasonably should know will be disseminated by means of public communication and will have a substantial likelihood of materially prejudicing an adjudicative proceeding in the matter.

I recently spoke at a law firm about the ethical implications when lawyers use technology. I was talking about lawyers who choose to store client information in the cloud and I explained how the lawyer needs to understand the technology associated with the cloud storage site that the lawyer may use. I explained that Rule 1.1 (Competence) demands that we, personally, understand those details. It was exactly then that a very irate lawyer shot up his hand and barked at me, “I’ll just bring my IT guy with me and point to him. I’ll tell that committee to talk to HIM about it, then I’ll leave.” While I was itching to answer in an obnoxiously New Jersey manner, I noticed that the angry lawyer was the only man in the room who happened to be older, white haired, male, and wearing a suit. He had “managing partner” written all over him. It was at that point that I figured I’d soften the edge on my reply, lest I not be invited back to the firm. I (ever so gently) explained that it was the lawyer’s individual responsibility to understand the technology and that we would not be permitted to simply bring our support staff to a grievance and wash our hands of the situation.

I thought of this today because I was reading the Alaska Bar Association Ethics Opinion No. 2014-3. That opinion addressed the ethics of using cloud services, and there is one sentence in particular that stood out. The opinion reminds us that, “Because the lawyer’s duties of confidentiality and competence are ongoing and not delegable, a lawyer must take reasonable steps to protect client information when storing data in the cloud.” Op. 2014-3 at 1-2. The key words, of course, are “ongoing and not delegable.”

Our duty of competence is a personal requirement. Sure, we can employ support staff to assist us with our practice, but the ultimate responsibility to maintain our competence lies with us. That lawyer would not have been able to simply bring his IT guy to the grievance and throw him to the disciplinary wolves. In fact, if he tried to do that I think he might get bit himself.